Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

Before getting to my need for advice, a quick introduction as this is my first post.

Back in the late 80s and early 90s when I was doing my PhD (Artificial Intelligence) I made ends meet by working as a sysop on Solaris machines. I'm afraid, however, that I have no Linux experience. Not having much time to delve into innerds for years, it's been easier to struggle along with Windoz.

Anyway, my problem: In May of this year my external USB drive (A Lacie 250GB) suddenly stopped working. The last time I'd backed up data on it was at the end of 2005, so I nearly killed myself. If memory serves, there was about 150GB of data on the drive (give or take 20GB) almost all raw camera files.

I removed the drive from the enclosure and found it was a Maxtor 7Y250PO (Maxline Plus II ATA-133). I tried connecting directly to an IDE cable but smartdrive reported a failing attribute 05. I immediately disconnected the drive, put it in a ziplock bag, and stuck it in the freezer.

Then I began my research. Although various utilities such as Spinrite and GetDataBack would be useful on a corrupt drive, I quickly came to the conclusion that for a hardware failing drive the best control seemed to come from a GNU utility called ddrescue by Antonio Diaz.

Not knowing much about the different distribs, I looked for LiveCDs and found Ubuntu. I used it to make an install onto my desktop. This machine has a 40GB SATA primary drive, and so I created a 10GB partition during Ubuntu installation for the system, plus there is another 479MB partition that was also created (scratch space?). Grub boots by default to Ubuntu (I'd rather default boot to Windows as these machine is my server driving printers, fax machines, VOIP phones, etc.) but I'll figure that out later.

Unfortunately, at that point I had an accident and spent the next 2 months in hospital. This week is the first time I've been physically able to go up a flight of stairs and get to my server.

So, I'm now ready to continue where I left off. I have a Seagate Barracuda 7200.10 320GB SATA drive that has never been formatted that I figure on using as the target drive for the image from the dying drive.

I've opened the case of the computer and I'm planning on using ddrescue in spurts while keeping the failing drive sitting on ice packs with a huge fan blowing across it. Anytime it seems to be heating up or failing I'll blonk it back into the freezer for a few hours (although I'm worried about power surges at start up, so I'd rather minimize this by swapping out ice packs as needed).

Once I've pulled whatever I can from the Maxtor to the Seagate, I can use GetDataBack or spinrite to try to recover the files (there's a utility in perl that turns a ddrescue logfile into a dos .bat file of spinrite commands, even!
).

Where I need advice, however, is around Ubuntu and ddrescue, since I'm a Linux newbie.

I've not installed ddrescue yet, but I have downloaded version 1.2. Is there anything special I should look out for while installing it on Ubuntu?

While surfing I found an article on toad .com (sorry, as it's my first post I can't post URLs, do a goggle on ddrescue, kernel and toad)
which mentions that kernal logging of error messages slows things down considerably. It gives a way of stopping fsync on each log message. I'm not sure if this is specific to RedHat or if it applies to Ubuntu as well, and if so, if the instructions are valid.

This week is the first time I've been physically able to go up a flight of stairs and get to my server.
Congratulations!

I've opened the case of the computer and I'm planning on using ddrescue in spurts while keeping the failing drive sitting on ice packs with a huge fan blowing across it. Anytime it seems to be heating up or failing I'll blonk it back into the freezer for a few hours (although I'm worried about power surges at start up, so I'd rather minimize this by swapping out ice packs as needed).
As far as I know the theory behind the freezer method (or urban legend, depends on how you look at it) is that metal parts have different heat dissipation qualities so when you freeze the drive parts that are stuck (are sposed to) shrink unequally and have a chance to settle and get unstuck. While drives in general operate "better" (longer, as in Mean Time Between Failure) at moderate temperatures this method obviously only works if some parts are stuck. If you power on the drive and you hear repeatedly ticking noises (head trying to re-align itself) you most likely are looking at a different type of failure. Just my experiences.

I've not installed ddrescue yet, but I have downloaded version 1.2. Is there anything special I should look out for while installing it on Ubuntu?
Installing ddrescue from source should be no problem provided you have the compiler and dependencies installed.

stopping fsync on each log message. I'm not sure if this is specific to RedHat or if it applies to Ubuntu as well, and if so, if the instructions are valid.
As far as I can see it's distro-agnostic Syslog (syslogd/klogd) info, and (temporarily) changing config should not be a problem. If you run Syslog-NewGeneration though you may need to read the man page for equivalent options.

Am I missing anything? Does anyone have any other advice?
I don't see anything missing. There's some things you could do to make for a smoother (or less error prone) ride like
- doing a dry-run with another disk. Practice doesn't really make perfect but at least you've got a chance of ironing out any wrinkles, get an idea of process time, etc, etc,
- dropping to runlevel 1 before the actual dd (only if you're comfortable enough with the commandline). This way no resources are hogged by the Desktop Environment and no users, network connections or scheduled jobs can interfere with the main process,
- making sure you have enough room for logging.
Once ddrescue has run you should make a backup of the backup (preferably on read-only media) so you always have an untainted copy if something goes awry.

Another post talks about massageing the drive by tilting it
slowly to help heads to come to position.
Might help. No personal experience.

Quote:

smartdrive reported a failing attribute 05

linux has smartmontools and this could read smart attributes.
Depending on whether this is worth the risk you may or not want
to use smartmontools to diagnose the error.
Saying that I believe the more you read the drive the
more you may endanger your data
You may want to disable/enable smartd (as root)
service smartd stop
I do not know but imagine ubuntu has it running by default?

Thanks to both emmanuel_uk and unspawn for the replies and really useful information.

I may well fiddle a bit with Linux and do a dry run at runlevel 1 before hitting the real thing.

If I dry run with the unformatted target drive, do I need to do anything to it before the real run to put it back into a pristine state or will the image write over it?

I will, of course, do a detailed report on whatever I get as a final result (even if only to say the drive died completely after 12 seconds and subsequently set fire to my house ).

On the freezer method, yes the idea is based on contraction, but once you take it out it's a good idea to keep it running as cold as possible as heat build up can cause expansion which can result in immediate head crash (well, that's the theory).

If I dry run with the unformatted target drive, do I need to do anything to it before the real run to put it back into a pristine state or will the image write over it?
I'd zero out the drive just in case. "dd if=/dev/zero of=/dev/hdb" for example if it's the second IDE HD.

It would be interested to know what the backup will result in and if GNU/Linux FOSS tools for recovery can help, we do have some. Since you didn't mention (or I didn't read) the FS, here's a short list:

[i]
It would be interested to know what the backup will result in and if GNU/Linux FOSS tools for recovery can help, we do have some. Since you didn't mention (or I didn't read) the FS, here's a short list:

Interesting. I'll have a look at these. I was counting on going back to DOS/Windows tools for trying to recover once I've made the image, since I know that Linux has limited NTFS support.

Given that we are talking about a 250GB drive with upwards of 150GB of data, I'm not going to go mad on trying multiple approaches to data recovery. I'd like to recover the data, but not to the extreme of having to restore that big an image a dozen times .

I'm going to read over the various links that yourself and emmanual_uk have posted and reflect a bit before deciding on next steps.

You need to choose between pushing the HD or not
depending how fast the utilities are, or you may want
to be very conservative. Anyway to use with care.
Some distros tune automatically HDs (mostly when installed,
so if you are going to use live cd, hum especially, maybe some
will try to set dma mode to ATA100 directly, some use the most
cautious approach and do no tuning. Have some thoughts (dry runs)
maybe about this one as well

You need to choose between pushing the HD or not depending how fast the utilities are, or you may want to be very conservative.
My approach would be to eliminate as much bottlenecks as safely possible and take care to not introduce new ones. For the 'victim drive' I would stay with defaults as much as possible.

(always astonish me how much mods know, I suppose that is why they are mods)
Each mod has her/his strenghts, but knowledge is not the only nor prime criterium Jeremy uses to choose moderators. Since I'm one of the LQ-sec moderators experience with forensics is a necessity. I should have mentioned earlier the 'victim drive' should always be mounted read-only to keep the system from trying to "correct" stuff. Be careful of any automounting mechanisms.

TCT/Sleuthkit are toolkits I generally would recommend only as a last choice before paying for Clean Room Ops. While not impossible to use they are forensic toolkits which means the learning curve is steep, you really must practice before using it and even then nobody sane will give any guarantees wrt ROI.

You need to choose between pushing the HD or not depending how fast the utilities are, or you may want to be very conservative.
My approach would be to eliminate as much bottlenecks as safely possible and take care to not introduce new ones. For the 'victim drive' I would stay with defaults as much as possible.

I should have mentioned earlier the 'victim drive' should always be mounted read-only to keep the system from trying to "correct" stuff. Be careful of any automounting mechanisms.

TCT/Sleuthkit are toolkits I generally would recommend only as a last choice before paying for Clean Room Ops. While not impossible to use they are forensic toolkits which means the learning curve is steep, you really must practice before using it and even then nobody sane will give any guarantees wrt ROI.

In haste, hesitate! Yet more useful info for me to think about and digest while I draw together my project plan.

And the advice to minimize unwanted activity was good. I had problems copying a flaky drive and when I removed network and DSL activity from interrupting it I had better luck. The closer you can let it have it's undivided attention focused to copying the drive only, the better off you are. Good luck.